Switch User Manual

Configuration | User Management | Base Group
VPN 3000 Concentrator Series User Guide
Simultaneous Logins
Enter the number of simultaneous logins permitted for a single user. The minimum is 0, which disables
login and prevents user access; default is 3. While there is no maximum limit, allowing several could
compromise security and affect performance.
Minimum Password Length
Enter the minimum number of characters for user passwords. The minimum is 1, the default is 8, and
the maximum is 32. To protect security, we strongly recommend 8 or higher.
Allow Alphabetic-Only Passwords
Check the box to allow user passwords with alphabetic characters only (the default). This option applies
only to users who are configured in and authenticated by the VPN Concentrator internal authentication
server. To protect security, we strongly recommend that you not allow such passwords; i.e., that you
require passwords to be a mix of alphabetic characters, numbers, and symbols, such as 648e&9G#.
Idle Timeout
Enter the idle timeout period in minutes. If there is no communication activity on a user connection in
this period, the system terminates the connection. The minimum is 1, the default is 30 minutes, and the
maximum is 2147483647 minutes (over 4000 years). To disable timeout and allow an unlimited idle
period, enter 0.
Maximum Connect Time
Enter the maximum user connection time in minutes. At the end of this time, the system terminates the
connection. The minimum is 1 minute, and the maximum is 2147483647 minutes (over 4000 years). To
allow unlimited connection time, enter 0 (the default).
Filter
Filters consist of rules that determine whether to allow or reject tunneled data packets coming through
the VPN Concentrator, based on criteria such as source address, destination address, and protocol. Cisco
supplies three default filters, which you can modify. To configure filters and rules, see the
Configuration | Policy Management | Traffic Management screens.
Click the drop-down menu button and select the base-group filter:
--None-- = No filter applied, which means there are no restrictions on tunneled data traffic. This is
the default selection.
Private (Default) = Allow all packets except source-routed IP packets. (This is the default filter for the
private Ethernet interface.)
Public (Default) = Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow
fragmented IP packets. Drop everything else, including source-routed packets. (This is the default
filter for the public Ethernet interface.)
External (Default) = No rules applied to this filter. Drop all packets. (This is the default filter for the
external Ethernet interface.)
Additional filters that you have configured also appear on the list.
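
The ranges and recommendations above can be checked against a recorded base-group configuration. The following is an added example, not part of the Cisco guide or the concentrator's software: the dictionary key names and the max_logins threshold are assumptions, and the defaults are the ones listed on this page.

```python
# Added example: key names below are hypothetical, not the concentrator's own.
INT32_MAX = 2147483647

# Base-group defaults as listed on this page.
DEFAULTS = {
    "simultaneous_logins": 3,
    "min_password_length": 8,
    "allow_alpha_only": True,
    "idle_timeout_min": 30,
    "max_connect_min": 0,
    "filter": "--None--",
}


def audit_base_group(cfg, max_logins=3):
    """Return (errors, warnings) for a base-group settings dict.

    errors   = values outside the ranges the manual gives
    warnings = legal values the manual advises against, or that lift a limit
    max_logins is an assumed local threshold; the manual sets no maximum.
    """
    s = {**DEFAULTS, **cfg}  # unset fields fall back to the manual defaults
    errors, warnings = [], []

    if s["simultaneous_logins"] < 0:
        errors.append("simultaneous_logins: minimum is 0")
    elif s["simultaneous_logins"] == 0:
        warnings.append("simultaneous_logins: 0 disables login")
    elif s["simultaneous_logins"] > max_logins:
        warnings.append("simultaneous_logins: above local threshold")

    if not 1 <= s["min_password_length"] <= 32:
        errors.append("min_password_length: must be 1-32")
    elif s["min_password_length"] < 8:
        warnings.append("min_password_length: manual recommends 8 or higher")

    if s["allow_alpha_only"]:
        warnings.append("allow_alpha_only: manual recommends mixed passwords")

    for key in ("idle_timeout_min", "max_connect_min"):
        if not 0 <= s[key] <= INT32_MAX:
            errors.append(f"{key}: must be 0 or 1-{INT32_MAX}")
        elif s[key] == 0:
            warnings.append(f"{key}: 0 means unlimited")

    if s["filter"] == "--None--":
        warnings.append("filter: no restrictions on tunneled traffic")
    return errors, warnings
```

Calling audit_base_group({}) audits the factory defaults themselves, which already produce three warnings.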